From 78e7efa3aeb127d12b0d2e2b0f02afe15394de26 Mon Sep 17 00:00:00 2001 From: e-belfer Date: Mon, 16 Sep 2024 11:09:39 -0400 Subject: [PATCH 1/5] Fix typo and pass GITHUB_TOKEN --- .github/workflows/save_daily_metrics.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/save_daily_metrics.yml b/.github/workflows/save_daily_metrics.yml index 1b3f044..6e4bfe9 100644 --- a/.github/workflows/save_daily_metrics.yml +++ b/.github/workflows/save_daily_metrics.yml @@ -7,7 +7,7 @@ on: - cron: "0 20 * * *" jobs: - build: + save-daily-metrics: runs-on: ubuntu-latest permissions: contents: read @@ -22,7 +22,7 @@ jobs: with: environment-file: environment.yml cache-environment: true - ondarc: | + condarc: | channels: - conda-forge - defaults @@ -53,7 +53,7 @@ jobs: - shell: bash -l {0} name: Save Github Metrics env: - API_TOKEN_GITHUB: ${{ secrets.API_TOKEN_GITHUB }} + API_TOKEN_GITHUB: ${{ secrets.GITHUB_TOKEN }} run: | python src/usage_metrics/scripts/save_github_metrics.py From a5ee4663711cc159aada448bb92ffd3dd943cba2 Mon Sep 17 00:00:00 2001 From: e-belfer Date: Mon, 16 Sep 2024 11:22:54 -0400 Subject: [PATCH 2/5] Test without scoped permissions --- .github/workflows/save_daily_metrics.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/save_daily_metrics.yml b/.github/workflows/save_daily_metrics.yml index 6e4bfe9..d2882b6 100644 --- a/.github/workflows/save_daily_metrics.yml +++ b/.github/workflows/save_daily_metrics.yml @@ -9,9 +9,10 @@ on: jobs: save-daily-metrics: runs-on: ubuntu-latest - permissions: - contents: read - id-token: write + #permissions: + #contents: read + #metadata: read + #id-token: write steps: - uses: actions/checkout@v4 with: From eb5e6e182db287c0dd7405a006e724d3e1593574 Mon Sep 17 00:00:00 2001 From: e-belfer Date: Mon, 16 Sep 2024 17:07:01 -0400 Subject: [PATCH 3/5] Update Github token --- .github/workflows/save_daily_metrics.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/save_daily_metrics.yml b/.github/workflows/save_daily_metrics.yml index d2882b6..8da4e09 100644 --- a/.github/workflows/save_daily_metrics.yml +++ b/.github/workflows/save_daily_metrics.yml @@ -54,7 +54,7 @@ jobs: - shell: bash -l {0} name: Save Github Metrics env: - API_TOKEN_GITHUB: ${{ secrets.GITHUB_TOKEN }} + API_TOKEN_GITHUB: ${{ secrets.USAGE_STATS_ACCESS_TOKEN }} run: | python src/usage_metrics/scripts/save_github_metrics.py From 20a23fe099933de7106cadf801d1ce6a6fa3a5a7 Mon Sep 17 00:00:00 2001 From: e-belfer Date: Mon, 16 Sep 2024 17:12:03 -0400 Subject: [PATCH 4/5] restore permissions --- .github/workflows/save_daily_metrics.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/save_daily_metrics.yml b/.github/workflows/save_daily_metrics.yml index 8da4e09..b090f3e 100644 --- a/.github/workflows/save_daily_metrics.yml +++ b/.github/workflows/save_daily_metrics.yml @@ -9,10 +9,9 @@ on: jobs: save-daily-metrics: runs-on: ubuntu-latest - #permissions: - #contents: read - #metadata: read - #id-token: write + permissions: + contents: read + id-token: write steps: - uses: actions/checkout@v4 with: From 73baa9ddbbda0841a987afebfc8c8925e99fb5e3 Mon Sep 17 00:00:00 2001 From: e-belfer Date: Tue, 17 Sep 2024 09:36:51 -0400 Subject: [PATCH 5/5] Update credentials --- .github/workflows/save_daily_metrics.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/save_daily_metrics.yml b/.github/workflows/save_daily_metrics.yml index b090f3e..4b45ecf 100644 --- a/.github/workflows/save_daily_metrics.yml +++ b/.github/workflows/save_daily_metrics.yml @@ -41,9 +41,7 @@ jobs: continue-on-error: true uses: "google-github-actions/auth@v2" with: - workload_identity_provider: "projects/345950277072/locations/global/workloadIdentityPools/gh-actions-pool/providers/gh-actions-provider" - service_account: "pudl-usage-metrics-etl@catalyst-cooperative-pudl.iam.gserviceaccount.com" - create_credentials_file: true + credentials_json: "${{ secrets.GCP_USAGE_METRICS_ARCHIVER_KEY }}" - name: "Set up Cloud SDK" uses: "google-github-actions/setup-gcloud@v2"